Microsoft Deepens Hotmail HTTPS Encryption for Security

Microsoft has added the option to turn on HTTPS encryption to protect your entire Hotmail session.

Microsoft is building on its recent security announcements
for Windows Live Hotmail with the addition of
a new always-on HTTPS encryption option.
Microsoft announced the feature Nov. 9. With it, Hotmail users
will have the option to secure their entire Hotmail session with HTTPS,
instead of just their log-in. The change "joins a series of other
recent security updates, with which Hotmail offers advanced security
safeguards to help protect your e-mail account from hijackers and
fraud," blogged Dick Craddock, group program manager for Windows Live
Hotmail.

Just recently, Microsoft rolled out a number of changes to
Hotmail to improve security. The new features covered a lot of ground,
from new proofs for user authentication to capabilities meant to detect
hijacked accounts. The company introduced the ability for users to add
a "Trusted PC" associated with their account, as well as the ability to
add a cell phone number to their account that Microsoft can send
password reset information.

In January, Google switched HTTPS to
always-on by default for Gmail users. Two months later the
company added a feature to warn Gmail users if their account has
been compromised. The feature flags suspicious activity and generates a red alert, along with information about where the account is being accessed from.
To protect against account hijacking, Microsoft recently added
heuristic-based detection to sniff out changes in log-in behavior, spam
being sent from the account or other suspicious activity. When a
compromised account is discovered, it is blocked to prevent further
abuse and vacation auto-reply messages and linked accounts are
suspended, Microsoft has said.
In the case of HTTPS, Hotmail users can enable encryption for their inbox, calendar, and contacts, by going to https://account.live.com/ManageSSL.
"Once you enable this feature, all of your future connections to Hotmail will be delivered over SSL," Craddock wrote.
In addition, SkyDrive, Photos, Docs and Devices pages all automatically use SSL encryption as well, he added.
"By using a connection with advanced security features, you can be
even more confident that your account is safer from hijackers, and your
private information is less likely to fall into someone else's hands,"
he wrote.
Some connections to Hotmail won't be available for users who turn on
HTTPS, including Outlook Hotmail Connector, Windows Live Mail and the
Windows Live application for Windows Mobile (versions 6.5 and earlier)
and Symbian.